An independent observer's record — not an audit. Each project is scored against the six checks that make autonomous money safe, marked by what is publicly verifiable today. No insider access, no guarantees. Just: show the proof.
How the agent's signing keys are held, and whether they can be extracted or coerced out. No public detail on the custody model yet.
The product implies configurable controls for agent-driven launches and trades, but hard, independently-checked on-chain caps aren't publicly documented.
No public test, report, or red-team result showing the agent resists hostile inputs or market manipulation.
No public description of a human halt mechanism, or evidence that halting actually stops funds from moving.
The team itself frames an audit as still ahead. No third-party, adversarial review has been published.
Nothing published that an outsider could re-run to get the same answer. Capability is demonstrated; safety isn't yet reproducible.
Clawnch has shipped the hard part: working token infrastructure that agents can drive themselves. That's more than most. But on the six checks that decide whether autonomous money is safe, almost nothing is publicly verifiable yet — which is consistent with a team that says the audit is still ahead. The honest call: promising pre-alpha, not yet "trust it with your money." This score moves the moment public evidence appears.
Custodial wallets managed via Privy (TEE-backed infra). In the May 2026 incident the keys themselves weren't cracked — the trust/permission layer around them was. Reasonable infra, not independently audited for this integration.
The public post-mortem was explicit: the system ran with no transaction limits on high-value, irreversible transfers. A documented absence, not a theory.
Exploited in the wild: a "permission-chain" attack routed a hidden instruction through Grok to move ~$204K in tokens (SlowMist post-mortem). This is the exact vector — and it landed.
No mechanism to pause before a consequential transfer executed. A lockdown was triggered after funds moved — reactive containment, not a preventive halt.
SlowMist publicly analysed the exploit — real external scrutiny, but reactive forensics after the breach, not a proactive adversarial audit before money was at risk.
The exploit is well-documented and was effectively reproduced. But no reproducible safety verification — a test anyone can re-run to confirm it's now safe — has been published.
Bankr shipped a genuinely useful product and leans on solid custody infra (Privy). To its credit, the team disclosed the incident, locked down, and in the proof-of-concept case the funds were returned. But the checks that decide whether autonomous money is safe — limits, prompt-injection resistance, a real kill switch — weren't in place before real value moved. This isn't hypothetical risk; it's a public receipt of what skipping verification costs. Capability was proven. Safety wasn't.
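To make the "limits" and "kill switch" checks concrete, here is an added example (mine, not code from Bankr, Clawnch, Privy or SlowMist) of a pre-execution transfer gate: a hard per-transfer cap, a rolling-window cap, and a halt flag that is consulted before a send is attempted rather than after funds move. The caps, timestamps, amounts and the `send` stub are all constructed for illustration.

```python
from collections import deque


class TransferGate:
    """Every agent-proposed transfer goes through check() BEFORE send() is called."""

    def __init__(self, per_transfer_cap, window_cap, window_seconds):
        self.per_transfer_cap = per_transfer_cap  # hard ceiling on any single transfer
        self.window_cap = window_cap              # ceiling on total value per rolling window
        self.window_seconds = window_seconds
        self.halted = False                       # operator kill switch, set directly
        self._sent = deque()                      # (timestamp, amount) of executed sends

    def check(self, amount, now):
        """Return (allowed, reason). Halt is tested first, so a halted system
        refuses even transfers that would otherwise be within the caps."""
        if self.halted:
            return False, "halted"
        if amount > self.per_transfer_cap:
            return False, "exceeds per-transfer cap"
        while self._sent and now - self._sent[0][0] >= self.window_seconds:
            self._sent.popleft()                  # forget sends older than the window
        if sum(a for _, a in self._sent) + amount > self.window_cap:
            return False, "exceeds rolling window cap"
        return True, "ok"

    def execute(self, amount, now, send):
        """Gate first, send second; only sends that happened count toward the window."""
        allowed, reason = self.check(amount, now)
        if not allowed:
            return False, reason
        send(amount)
        self._sent.append((now, amount))
        return True, "sent"


def run_scenario():
    """Constructed burst of agent-proposed transfers against a 1,000 per-transfer,
    2,500 per-hour policy. Returns (decision per proposal, amounts actually sent)."""
    gate = TransferGate(per_transfer_cap=1_000, window_cap=2_500, window_seconds=3_600)
    ledger, results = [], []
    for t, amount in [(0, 800), (60, 5_000), (120, 900), (180, 900), (3_700, 900)]:
        results.append(gate.execute(amount, t, ledger.append))
    gate.halted = True                            # operator halts after the burst
    results.append(gate.execute(10, 3_800, ledger.append))
    return results, ledger
```

The point of the ordering is the one the post-mortem exposes: a halt that is consulted after the send has no effect on the transfer that triggered it, and a cap that is never enforced in code is just documentation.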